CCNA Security Lab 8 - Role-Based CLI Access - CLI

Lab 8 

Role-Based CLI Access

Lab Objective:

The objective of this lab exercise is for you to learn and understand how to
implement Role-Based CLI Access on Cisco IOS routers.

Lab Purpose: 

The Role-Based CLI Access feature allows the network administrator to define 
"views," which are a set of operational commands and configuration capabilities 
that provide selective or partial access to EXEC and configuration mode 
commands. This allows administrators to exercise better control over access to 
Cisco networking devices. 

Lab Difficulty: 

This lab has a difficulty rating of 8/10. 

Readiness Assessment: 

When you are ready for your certification exam, you should complete this lab in 
no more than 15 minutes. 

Lab Topology: 

Please use any single router to complete this lab.



Lab 8 Configuration Tasks 
Task 1: 

Configure the hostname of the router as illustrated in the following diagram. 

Task 2: 

Configure an enable secret of c?sco on R1.

Task 3:

Configure the IOS Role-Based CLI Access on R1 as follows:


View Name   View Password   View Commands
---------   -------------   ------------------------------
BASIC       basic           1. The show hardware command
                            2. The show version command
                            3. The show inventory command
EXPERT      expert          1. All show commands
CONFIG      config          1. All configure commands

Task 4:

Create a view named SUPER. This view should contain all possible show and configure commands
contained in all other views that were previously created.

Task 5: 

Verify your configuration by logging into the router using different credentials. 


Lab 8 Configuration and Verification 
Task 1: 

Router(config)#hostname R1
R1(config)#end
R1#

Task 2:

To complete this task, remember that you must use the CTRL/V keystroke before the question mark to be
able to use it in a password on Cisco IOS devices.

R1(config)#enable secret c?sco
R1(config)#exit
R1#

Task 3: 

R1(config)#aaa new-model
R1(config)#exit
R1#disable
R1>enable view
Password:

R1#show parser view
Current view is 'root'

R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#parser view BASIC
R1(config-view)#secret basic
R1(config-view)#commands exec include show hardware
R1(config-view)#commands exec include show version
R1(config-view)#commands exec include show inventory
R1(config-view)#exit
R1(config)#parser view EXPERT
R1(config-view)#secret expert
R1(config-view)#commands exec include all show
R1(config-view)#exit
R1(config)#parser view CONFIG
R1(config-view)#secret config
R1(config-view)#commands exec include all configure
R1(config-view)#exit
R1(config)#exit
R1#

Task 4: 

R1(config)#parser view SUPER superview
R1(config-view)#secret super
R1(config-view)#view BASIC
R1(config-view)#view EXPERT
R1(config-view)#view CONFIG
R1(config-view)#exit
R1(config)#exit
R1#

Task 5: 

The first view we will validate is the BASIC view as configured on R1. This view will be limited to just a
select few show commands.

R1#disable
R1>enable view BASIC
Password:

R1#?
Exec commands:
  enable  Turn on privileged commands
  exit    Exit from the EXEC
  show    Show running system information

R1#show ?
  flash:     display information about flash: file system
  hardware   Hardware specific information
  inventory  Show the physical inventory
  parser     Show parser commands
  version    System hardware and software status

R1#show parser view
Current view is 'BASIC'

The second view we will validate is the EXPERT view as configured on R1. This view will have access to
the entire range of show commands.

R1>enable view EXPERT
Password:

R1#show parser view
Current view is 'EXPERT'

R1#?
Exec commands:
  enable  Turn on privileged commands
  exit    Exit from the EXEC
  show    Show running system information

R1#show ?
  aaa              Show AAA values
  accounting       Accounting data for active sessions
  alarm-interface  Display information about a specific Alarm Interface Card
  alignment        Show alignment information
  appfw            Application Firewall information
  archive          Archive of the running configuration information
  arp              ARP table
  auto             Show Automation Template
  backup           Backup status

—[Truncated Output]— 

The third view we will validate is the CONFIG view as configured on R1. This view will have only
configuration commands.

R1>enable view CONFIG
Password:

R1#?
Exec commands:
  configure  Enter configuration mode
  enable     Turn on privileged commands
  exit       Exit from the EXEC
  show       Show running system information

R1#show ip int brie
        ^
% Invalid input detected at '^' marker.

R1#configure
Configuring from terminal, memory, or network [terminal]? terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#exit
R1#

R1#show parser view
Current view is 'CONFIG'

The final view we will validate is the SUPER view as configured on R1. This view will have all possible
show and configure commands that are supported in the Cisco IOS software. However, this view will not
have any debug commands available! Those will be available to the ROOT.

R1>enable view SUPER
Password:

R1#?
Exec commands:
  configure  Enter configuration mode
  enable     Turn on privileged commands
  exit       Exit from the EXEC
  show       Show running system information

R1#show ip interface brief
Interface          IP-Address   OK? Method Status   Protocol
FastEthernet0/0    unassigned   YES manual up       up
Serial0/0          unassigned   YES manual up       up
R1#

R1#configure
Configuring from terminal, memory, or network [terminal]? terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#exit
R1#

R1#show parser view
Current view is 'SUPER'

Lab 8 Configurations
R1 Configuration

R1#show run
Building configuration...

Current configuration : 1295 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$bjlQ$6UA5t8qk8xaXVH0vZC3WB/
!
aaa new-model
!
!
!
!
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
 log config
  hidekeys

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 3
line vty 4

parser view BASIC
 secret 5 $1$oi7H$u4u8IrhImpWVXHs2nfDKpO
 commands exec include show inventory
 commands exec include show version
 commands exec include show hardware
 commands exec include show
!
parser view EXPERT
 secret 5 $1$aPyv$Oq/IUadCBjEG5Hyl\lo09Qul
 commands exec include all show

parser view CONFIG
 secret 5 $1$g/3P$kazl6S9zkjDNV.Fsc4AWe/
 commands exec include configure
!
parser view SUPER superview
 secret 5 $1$tZZI$UW/C0ZeJ/rn6C3ntutJo01
 view BASIC
 view EXPERT
 view CONFIG

end
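
Added example, not part of the original lab: a Python sketch that parses the parser view stanzas of a running configuration like the one above, expands the SUPER superview into its member views, and checks each view against the commands the lab tasks expect it to allow or refuse. The function names and the simple prefix model used for "include all" are assumptions of this example, and the sample input is constructed from the configuration above.

```python
import re

# Constructed input: this lab's parser-view stanzas, indentation restored, secrets omitted.
SAMPLE_CONFIG = """\
parser view BASIC
 commands exec include show inventory
 commands exec include show version
 commands exec include show hardware
 commands exec include show
parser view EXPERT
 commands exec include all show
parser view CONFIG
 commands exec include configure
parser view SUPER superview
 view BASIC
 view EXPERT
 view CONFIG
"""

def parse_views(config):
    """Map each view name to its (wildcard, command) rules and member views."""
    views, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line closes any open stanza
            m = re.match(r"parser view (\S+)", line)
            current = views.setdefault(m.group(1), {"rules": set(), "members": []}) if m else None
        elif current is not None and (m := re.match(r"commands exec include (all )?(.+)$", line)):
            current["rules"].add((bool(m.group(1)), m.group(2)))
        elif current is not None and (m := re.match(r"view (\S+)$", line)):
            current["members"].append(m.group(1))
    return views

def effective_rules(views, name):
    """Rules of a view plus, for a superview, those of every member view."""
    rules = set(views[name]["rules"])
    for member in views[name]["members"]:
        rules |= effective_rules(views, member)
    return rules

def allows(rules, command):
    """Simplified model: exact match, or an 'all' rule that is a prefix of the command."""
    return any(command == c or (wild and command.startswith(c + " ")) for wild, c in rules)

def audit(views, name, must_allow, must_deny):
    """Return the expected-vs-actual mismatches for one view (empty list = pass)."""
    rules = effective_rules(views, name)
    return ([f"{name}: missing '{c}'" for c in must_allow if not allows(rules, c)] +
            [f"{name}: unexpected '{c}'" for c in must_deny if allows(rules, c)])
```

Running `audit` after every configuration change catches a view that has quietly gained commands, for example a BASIC view whose `include show` line was widened to `include all show`.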